What does this R0 line mean? / HijackThis Log

Posted on 2011-02-27
Medium Priority
Last Modified: 2013-12-06
Hi Friends

I have also found this R0 line on a HijackThis Log from a customer.
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

I know this is for Internet Explorers starting page and search assistant. But what does this line mean exactly? Where can I find more information’s about this line? Why is nothing behind the = ? I have also found some logs with Obfuscated. Is this Spyware? Because I have read this is a sign of spyware and difficult to remove such an infection.

Thank you very much
Question by:awawada
  • 2
  • 2
  • 2
  • +1
LVL 22

Assisted Solution

optoma earned 500 total points
ID: 34991399
Some info regarding HJT

That line is ok to the best of my knowledge :)

Upload the log to Hijackthis.de to be analyzed and there is an info button beside each line.

>Apart from that, machine behaving ok?

Expert Comment

ID: 34991407
"HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =" with nothing after it I assume it means your browser is not starting with any addon toolbars, I get the same result with nothing after = iwhen I do a scan and mines clean.

not sure about the Obfuscated

Assisted Solution

FastSi earned 500 total points
ID: 34991423
Hijack this is by trendmicro so could also post on http://community.trendmicro.com/t5/Malware-Discussions/bd-p/malware
WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

LVL 18

Author Comment

ID: 34991468
Hi optoma

after a long time. hope you are fine?
I know this Tutorial it's pretty good, but i dont find much infos about:
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

good idea with http://community.trendmicro.com/t5/Malware-Discussions/bd-p/malware .
Are you sure this has something to do with addon toolbars? Has this nothing to do with Internet Explorer Links folder with the Favorites?
LVL 35

Accepted Solution

torimar earned 1000 total points
ID: 34991918
If you launch IE, and go to the Favorites menu, you will see a folder called "Links" in that menu. If you delete it, it will be recreated automatically.

That is what the registry entry:
HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName

controls. If "LinksFolderName=Links" the folder will be recreated, if "LinksFolderName=" it will not be recreated.
This is a popular registry tweak: http://www.pctools.com/guides/registry/detail/550/

"LinksFolderName=Links" is the default entry; as long as it is active, HJT does not include the key in its scan report. Once it is changed, HJT will report this.

You could easily let HJT fix the issue, but that may not be in the interest of your client if he/she intentionally applied this reg tweak.
LVL 22

Expert Comment

ID: 34992197
Hi Awawada.
Been a while. All is fine, thankfully as ever! :)

LVL 18

Author Closing Comment

ID: 34993110
Thanks Friends!

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Operating system developers such as Microsoft (https://www.microsoft.com) and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question